Added permission for auth:members_stripe_connect

no-issue This permission is used to ensure that only the Owner can authenticate/authorize the members_stripe_connect integration.
2025-01-20 22:42:53 -05:00 · 2020-06-01 12:27:14 +02:00 · 2020-06-01 12:27:14 +02:00 · 5b058d6d5b
commit 5b058d6d5b
parent 413aa06ca5
3 changed files with 62 additions and 1 deletions
--- a/core/server/data/migrations/versions/3.18/02-add-members_stripe_connect-auth-permissions.js
+++ b/core/server/data/migrations/versions/3.18/02-add-members_stripe_connect-auth-permissions.js
@ -0,0 +1,56 @@
+const ObjectId = require('bson-objectid');
+const logging = require('../../../../../shared/logging');
+
+module.exports = {
+    config: {
+        transaction: true
+    },
+    async up(options) {
+        const connection = options.transacting;
+
+        const existingIdentityPermission = await connection('permissions').where({
+            action_type: 'auth',
+            object_type: 'members_stripe_connect'
+        }).first();
+
+        if (existingIdentityPermission) {
+            logging.warn('Permission for auth:members_stripe_connect already added');
+            return;
+        }
+
+        logging.info('Adding permission for auth:members_stripe_connect');
+
+        const date = connection.raw('CURRENT_TIMESTAMP');
+
+        await connection('permissions').insert({
+            id: ObjectId.generate(),
+            name: 'Auth Stripe Connect for Members',
+            action_type: 'auth',
+            object_type: 'members_stripe_connect',
+            created_at: date,
+            created_by: 1,
+            updated_at: date,
+            updated_by: 1
+        });
+    },
+    async down(options) {
+        const connection = options.transacting;
+
+        const existingIdentityPermission = await connection('permissions').where({
+            action_type: 'auth',
+            object_type: 'members_stripe_connect'
+        }).first();
+
+        if (!existingIdentityPermission) {
+            logging.warn('Permission for auth:members_stripe_connect already removed');
+            return;
+        }
+
+        logging.info('Removing permission for auth:members_stripe_connect');
+
+        await connection('permissions').where({
+            action_type: 'auth',
+            object_type: 'members_stripe_connect'
+        }).del();
+    }
+};
--- a/core/server/data/schema/fixtures/fixtures.json
+++ b/core/server/data/schema/fixtures/fixtures.json
@ -422,6 +422,11 @@
                    "name": "Read identities",
                    "action_type": "read",
                    "object_type": "identity"
+                },
+                {
+                    "name": "Auth Stripe Connect for Members",
+                    "action_type": "auth",
+                    "object_type": "members_stripe_connect"
                }
            ]
        },
--- a/test/unit/data/schema/integrity_spec.js
+++ b/test/unit/data/schema/integrity_spec.js
@ -20,7 +20,7 @@ const fixtures = require('../../../../core/server/data/schema/fixtures');
 describe('DB version integrity', function () {
    // Only these variables should need updating
    const currentSchemaHash = '7cd198f085844aa5725964069b051189';
-    const currentFixturesHash = '1e5856f5172a4389bd72a98b388792e6';
+    const currentFixturesHash = '94cf7dfe95e88022b3515c9664af2e66';

    // If this test is failing, then it is likely a change has been made that requires a DB version bump,
    // and the values above will need updating as confirmation